CodeQL queries code as though it were information, which allows developers to compose a query that discovers all the variations of a vulnerability, and afterward share it with others. CodeQL is an open-source semantic code analysis engine that works in two stages. First, as a feature of the compilation of source code into binaries, CodeQL fabricates a database that catches the model of the compiling code.
"For interpreted languages, it parses the source and builds its own abstract syntax tree model, as there is no compiler. Second, once constructed, this database can be queried repeatedly like any other database. The CodeQL language is purpose-built to enable the easy selection of complex code conditions from the database," Microsoft notes.
In a blog post that details how it utilized the CodeQL technique, Microsoft alluded to the SolarWinds assault as Solorigate. For this situation, the attacker got into the remote management software servers of numerous organizations and infused a backdoor into the SolarWinds Orion software update. The attacker modified the binaries in Orion and dispersed them via previously legitimate update channels. This let the assailant remotely perform vindictive activities, such as credential theft, privilege escalation, and lateral movement to steal sensitive information.
Microsoft said the SolarWinds incident has reminded associations to reflect not just on their readiness to respond to sophisticated attacks, but also the strength of their own codebases. In the blog, Microsoft clarifies its utilization of CodeQL queries to examine its source code at scale and preclude the presence of the code-level indicators of compromise (IoCs) and coding patterns associated with Solorigate.
Read more https://www.ehackingnews.com/2021/03/microsoft-made-codeql-queries-public.html
